【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
推荐试题
【判断题】
个人转让房屋的日期,以售房合同上注明的时间为准。
【判断题】
纳税人一次性缴税有困难的,可合理确定分期缴纳计划并报主管税务机关备案后,自发生上述应税行为之日起不超过5个自然年度内(含)分期缴纳个人所得税。
【判断题】
财产转让所得,以转让财产的收入额减除财产净值和合理费用后的余额,为应纳税所得额。
【判断题】
“家庭唯一生活用房”是指在中国境内纳税人(有配偶的为夫妻双方)仅拥有一套住房。
【判断题】
个体工商户每一纳税年度发生的与其生产经营活动直接相关的广告费和业务宣传费不超过当年收入15%的部分,可以据实扣除;超过部分,不准予在以后纳税年度结转扣除。
【判断题】
个体工商户向当地工会组织拨缴的工会经费、计提的职工福利费支出、职工教育经费支出分别在工资薪金总额的2%、14%、2.5%的标准内据实扣除。
【判断题】
对个人购买社会福利有奖募捐奖券一次中奖收入不超过10000元的暂免征收个人所得税,对一次中奖收入超过10000元的部分,应按税法规定征税。
【判断题】
学历(学位)继续教育:每月400元,报名的当月至教育结束的当月。
【判断题】
律师以个人名义再聘请其他人员为其工作而支付的报酬,应由该律师事务所按“劳务报酬所得”项目负责代扣代缴个人所得税。
【判断题】
个体工商户为从业人员缴纳的补充养老保险费、补充医疗保险费,分别在不超过工资总额5%标准内的部分据实扣除;超过部分,不得扣除。
【判断题】
纳税人只能享受一套住房贷款的利息扣除.
【判断题】
个人达到国家规定的退休年龄,领取的企业年金、职业年金,符合《财政部人力资源社会保障部国家税务总局关于企业年金职业年金个人所得税有关问题的通知》(财税〔2013〕103号)规定的,不并入综合所得,全额单独计算应纳税款。适用综合所得税率表计算纳税。
【判断题】
夫妻双方婚前分别购买住房发生的首套住房贷款利息支出,其贷款利息支出可以选择其中一套,约定一方按扣除标准的100%扣除。
【判断题】
在外商投资企业、外国企业和外国驻华机构工作的中方人员取得的工资、薪金收入,对雇佣单位和派遣单位分别支付工资、薪金的,采取由支付者中的一方减除费用的方法,即只由雇佣单位分支付工资、薪金时,按税法法规减除费用,计算扣缴个人所得税;派遣单位支付的工资、薪金不再减除费用,以支付全额直接确定适用税率,计算扣缴个人所得税。
【判断题】
兼职律师从律师事务所取得工资、薪金性质的所得,律师事务所在代扣代缴其个人所得税时,减除税法规定的费用扣除标准,扣除办理案件支出费用后的余额确定适用税率,计算扣缴个人所得税。
【判断题】
个人所得税各项所得的计算,以人民币为单位。所得为人民币以外货币的,按照办理纳税申报或者扣缴申报的当月最后一日人民币汇率中间价,折合成人民币计算应纳税所得额。
【判断题】
年度终了后办理汇算清缴的,对已经按月、按季或者按次预缴税款的人民币以外货币所得,不再重新折算;对应当补缴税款的所得部分,按照当年年度最后一日人民币汇率中间价,折合成人民币计算应纳税所得额。
【判断题】
个人以非货币性资产投资取得现金补价,现金部分足以缴税的,税款应一次结清;现金不足以全部缴清税款的,不足部分可以分期缴纳。
【判断题】
天使投资个人投资于种子期、初创期科技型企业的实缴投资满2年,投资时间从初创科技型企业接受投资日期算起。
【判断题】
空勤人员的飞行小时费和伙食费收入,应全额计入工资薪金所得计征个人所得税,不能给予扣除。
【判断题】
雇员为本企业提供非有形商品推销、代理等服务活动取得佣金、奖励和劳务费等名目的收入,按照劳务报酬所得应税项目缴纳个人所得税。
【判断题】
对个人通过非营利性的社会团体和政府部门对公益性青少年活动场所(其中包括新建)的捐赠,在计算个人所得税时未超过其申报的应纳税所得额30%的部分,准予从其应纳税所得额中扣除。
【判断题】
对个人通过非营利性的社会团体和政府部门向福利性、非营利性的老年服务机构的捐赠,在计算个人所得税时准予全额扣除。
【判断题】
个体工商户存货应按实际成本计价,领用或发出存货的核算,原则上采用后进先出法。
【判断题】
个体工商户无形资产从开始使用之日起,在有效使用期内分期均额扣除。作为投资或受让的无形资产,在法律、合同或协议中规定了使用年限的,可按该使用年限分期扣除;没有规定使用年限或是自行开发的无形资产,扣除期限不得少于20年。
【判断题】
个体工商户的固定资产是指在生产经营中使用的、期限超过1年且单位价值在5000元以上的房屋、建筑物、机器、设备、运输工具及其他与生产经营有关的设备、工器具等。
【判断题】
根据个人所得税核定征收管理的规定,发生纳税义务而未按规定期限办理纳税申报的,应核定征税。
【判断题】
市辖区户籍人口不超过100万的城市,扣除标准为每月1100元。
【判断题】
个人所得税法所称在中国境内有住所,是指在中国境内有住房。
【多选题】
根据个人所得税法的规定,以下项目按照超额累进税率计算个人所得税的是___。
A. 工资、薪金所得
B. 经营所得
C. 财产转让所得
D. 稿酬所得
【多选题】
下列属于综合所得中依法确定扣除的其他扣除项目___。
A. 大病医疗
B. 个人缴付符合国家规定的企业年金
C. 个人购买符合国家规定的商业健康保险
D. 住房公积金
【多选题】
下列关于纳税申报的规定,正确的是___。
A. 居民个人取得综合所得,按年计算个人所得税;有扣缴义务人的,由扣缴义务人按月或者按次预扣预缴税款;需要办理汇算清缴的,应当在取得所得的次年三月一日至六月三十日内办理汇算清缴
B. 纳税人取得经营所得,按年计算个人所得税,由纳税人在月度或者季度终了后十五日内向税务机关报送纳税申报表,并预缴税款;在取得所得的次年三月三十一日前办理汇算清缴
C. 纳税人取得应税所得,扣缴义务人未扣缴税款的,纳税人应当在取得所得的次年三月一日至六月三十日内缴纳税款;税务机关通知限期缴纳的,纳税人应当按照期限缴纳税款
D. 居民个人从中国境外取得所得的,应当在取得所得的次年三月一日至六月三十日内申报纳税
【多选题】
个人所得的形式,包括现金、实物、有价证券和其他形式的经济利益,以下说法正确的是___。
A. 所得为实物的,应当按照取得的凭证上所注明的价格计算应纳税所得额
B. 无凭证的实物或者凭证上所注明的价格明显偏低的,参照市场价格核定应纳税所得额
C. 所得为其他形式的经济利益的,参照市场价格核定应纳税所得额
D. 所得为有价证券的,根据市场价格核定应纳税所得额
【多选题】
根据个人所得税法的相关规定,下列各项中不需要缴纳个人所得税的是___。
A. 中国铁路总公司发行的铁路债券利息收入
B. 外籍个人以现金形式取得的住房补贴
C. 军人的转业费、复员费、退役金
D. 安徽省人民政府颁发的环境保护方面的奖金
【多选题】
个体工商户业主、个人独资企业投资者、合伙企业个人合伙人、承包承租经营者个人以及其他从事生产、经营活动的个人取得应税经营所得包括的情形有___。
A. 个体工商户从事生产、经营活动取得的所得,个人独资企业投资人、合伙企业的个人合伙人来源于境内注册的个人独资企业、合伙企业生产、经营的所得
B. 个人依法从事办学、医疗、咨询以及其他有偿服务活动取得的所得
C. 个人从事设计、装潢、表演等劳务取得的所得
D. 个人从事其他生产、经营活动取得的所得
E. 个人承包、承租、转包、转租取得的所得
【多选题】
取得综合所得需要办理汇算清缴的情形包括___。
A. 从两处以上取得综合所得,且综合所得年收入额减除专项扣除的余额超过6万元
B. 取得劳务报酬所得、稿酬所得、特许权使用费所得中一项或者多项所得,且综合所得年收入额减除专项扣除的余额超过6万元
C. 纳税年度内预缴税额低于应纳税额
D. 纳税人申请退税
【多选题】
根据个人所得税法有关规定,专项附加扣除的规定正确的是___。
A. 取得经营所得的个人,没有综合所得的,专项附加扣除预缴时不扣除,在办理汇算清缴时减除
B. 专项扣除、专项附加扣除和依法确定的其他扣除,以居民个人一个纳税年度的应纳税所得额为限额;一个纳税年度扣除不完的,可以结转以后年度扣除
C. 居民个人取得工资、薪金所得时,可以向扣缴义务人提供专项附加扣除有关信息,由扣缴义务人扣缴税款时减除专项附加扣除
D. 纳税人同时从两处以上取得工资、薪金所得,并由扣缴义务人减除专项附加扣除的,对同一专项附加扣除项目,在一个纳税年度内只能选择从一处取得的所得中减除
【多选题】
扣缴义务人向居民纳税人支付以下哪项所得时( ),不需要按照预扣预缴方法计算税款___。
A. 劳务报酬所得
B. 利息、股息、红利所得
C. 财产租赁所得
D. 财产转让所得
【多选题】
下列对个人独资企业征收生产经营项目个人所得税的表述,错误的是___。
A. 个人独资企业每一纳税年度的收入总额包括销售收入、劳务服务收入、股息利息收入、工程价款收入、财产出租或转让收入、其他业务收入和营业外收入等
B. 个人独资企业应当分别核算企业生产经营费用和投资者及其家庭发生的生活费用。生产经营费用与投资者及其家庭发生的生活费用混合在一起,并且难以划分的,其40%视为与生产经营有关费用,准予扣除
C. 投资者兴办两个或两个以上个人独资企业的,年度终了后应办理汇算清缴,企业的年度经营亏损可以跨企业互相弥补
D. 投资者应当在注销个人独资企业工商登记之前,向主管税务机关结清有关税务事宜。企业的清算所得应当视为年度生产经营所得,由投资者依法缴纳个人所得税
【多选题】
国家税务总局决定将个人所得税《税收完税证明》(文书式)调整为《纳税记录》,以下说法正确的是___。
A. 从2019年1月1日起,纳税人申请开具税款所属期为2019年1月1日(含)以后的个人所得税缴(退)税情况证明的,税务机关不再开具《税收完税证明》(文书式),调整为开具《纳税记录》
B. 纳税人2019年1月1日以后取得应税所得并由扣缴义务人向税务机关办理了全员全额扣缴申报,或根据税法规定自行向税务机关办理纳税申报,没有实际缴纳税款的,不可以申请开具《纳税记录》
C. 纳税人可以通过电子税务局、手机APP申请开具本人的个人所得税《纳税记录》,也可到办税服务厅申请开具。
D. 纳税人对个人所得税《纳税记录》存在异议的,可以向该项记录中列明的税务机关申请核实。